(57) ABSTRACT

A configuration file is provided to a communication device. 
Identification information associated with the communica- 
tion device is received and configuration information is 
retrieved from a database based on the identification infor- 
mation. A configuration file is generated from the configu- 
ration information and provided to the communication 
device. 
PROVIDING A CONFIGURATION FILE TO A
COMMUNICATION DEVICE 



BACKGROUND OF THE INVENTION 

This invention relates to providing a configuration file to 
a communication device such as a modem. 

In the case of a cable modem that couples cable television 
("CATV") cable to a personal computer ("PC"), for 
example, a configuration file is sent on the cable from a cable 
modem termination system ("CMTS") to the cable modem. 
The configuration file includes configuration information 
that defines the modem's access to services on the cable 
network, such as an amount of bandwidth that will be 
available to the modem. 

SUMMARY OF THE INVENTION 

In general, in one aspect of the invention, a configuration 
file is provided to a communication device. Identification 
information associated with the communication device is 
received and configuration information is retrieved from a 
database based on the identification information. A configu- 
ration file is generated from the configuration information 
and it is then provided to the communication device. 

Among the advantages of the invention may be one or 
more of the following. The configuration file can be custom- 
tailored rather than using an existing file. Consequently, 
there is less chance that the communication device will 
receive the wrong configuration file. Authentication may 
also be included to further reduce the chances that the wrong 
configuration file will be received. 

Other features and advantages of the invention will 
become apparent from the following description and the 
claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 shows a network system according to one embodi- 
ment of the invention. 

FIG. 2 shows an architecture of a CMTS according to one 
embodiment of the invention. 

FIG. 3 shows a process for providing a configuration file 
to a communication device according to one embodiment of 
the invention. 

FIG. 4 shows a process for authenticating a request for a 
configuration file according to one embodiment of the 
invention. 

FIG. 5 shows a structure of a configuration file according 
to one embodiment of the invention. 

DESCRIPTION 

FIG. 1 shows a network system 1. Network system 1 
includes processing device 2, modem 4, broadband network 
5, CMTS 6, and external network 7 such as the Internet. 

Broadband network 5 is an existing CATV cable network 
with connections to CMTS 6 and subscribers' homes (not 
shown). Hybrid fiber coaxial cable ("HFC") is the primary 
physical transmission medium of broadband network 5. 
Signals run in standard fiber-optic cables from a central 
location such as CMTS 6 to locations near the subscriber. 
From there, standard coaxial cables run into the subscribers' 
homes. 

In one embodiment, modem 4 is a DOCSIS ("Data-Over- 
Cable Service Interface Specifications") compliant cable 
modem (see "Data-Over-Cable Interface Specifications: 
Radio Frequency Interface Specification", SP-RFIv1.1-I01-990311
(Mar. 11, 1999)). Modem 4 includes a standard
coaxial receptacle 9 for interfacing to broadband network 5. 
Through this interface, modem 4 transmits data from pro- 
cessing device 2 to broadband network 5 (upstream) and 
from broadband network 5 to processing device 2 
(downstream). In FIG. 1, modem 4 is a PCI ("Peripheral 
Component Interconnect") bus add-in card on processing 
device 2; however a stand-alone modem with a local pro- 
cessor may be used instead. 

Processing device 2 includes a processor 12 and a 
memory 10 for storing code 11 (see view 14). Examples of 
processing devices are a personal computer ("PC") 
(depicted), a settop box, and a digital television. Processor 
12 executes code 11 to communicate with modem 4, to 
include cryptographic certificate(s) in requests sent from
modem 4 (see below), and to generate digital signatures for 
the certificates. A digital signature is created by generating 
a hash value of a certificate's body (e.g., text) and encrypting 
the hash using the modem's private key. In a stand-alone 
modem, these functions may be performed in the modem 
itself. 
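The signature scheme this paragraph describes, together with the decrypt, hash and compare check the authentication server later applies to it (FIG. 4), as an added example that is not code from the patent. The key pair, the `DATABASE` dictionary, the MAC address and all function names are constructed for illustration; textbook RSA over MD5 mirrors the page's wording, whereas a deployed system would use a padded signature scheme and a current hash.

```python
import hashlib

# Constructed toy key (assumption): built from two publicly known Mersenne
# primes, so it shows the arithmetic only and protects nothing.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent held by the modem


def body_hash(body):
    """Hash of the certificate body, as an integer smaller than N."""
    return int.from_bytes(hashlib.md5(body).digest(), "big")


def sign(body, d=D, n=N):
    """Modem side: hash the body and encrypt the hash with the private key."""
    return pow(body_hash(body), d, n)


def is_authentic(body, signature, e, n):
    """FIG. 4: decrypt the signature (401), hash the body (402), compare (403-406)."""
    if not isinstance(signature, int) or not 0 <= signature < n:
        return False
    return pow(signature, e, n) == body_hash(body)


# Hypothetical stand-in for database 29, indexed by MAC address (constructed values).
DATABASE = {
    "02:00:00:00:00:01": {
        "public_key": (E, N),
        "config": {"network_access": 1, "max_cpe": 2},
    },
}


def handle_request(request):
    """Return the modem's configuration information, or None to deny (303)."""
    record = DATABASE.get(request["mac"])
    if record is None:
        return None
    # Bind the signed body to the identifier the request claims.
    if request["mac"].encode() not in request["body"]:
        return None
    e, n = record["public_key"]
    if not is_authentic(request["body"], request["signature"], e, n):
        return None
    return record["config"]


def make_request(mac, serial="CONSTRUCTED-0001"):
    """Build a request the way the modem side would (constructed body format)."""
    body = f"mac={mac};serial={serial}".encode()
    return {"mac": mac, "body": body, "signature": sign(body)}


if __name__ == "__main__":
    req = make_request("02:00:00:00:00:01")
    print("genuine:", handle_request(req))
    req["body"] = req["body"].replace(b"0001", b"0002")
    print("altered body:", handle_request(req))
```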

CMTS 6 interfaces external network 7 to broadband 
network 5 and thus to cable modems on broadband network 
5. CMTS is usually controlled by a CATV company, which 
also controls the broadband network. FIG. 2 shows the 
architecture of CMTS 6. 

CMTS 6 includes upstream demodulator 15, downstream 
modulator 16, and router 19. Computer 20 is shown as 
external to CMTS 6, though it may be internal as well. 
Upstream demodulator 15 mediates data flow from broad- 
band network 5 to router 19; and downstream modulator 16 
mediates data flow from router 19 to broadband network 5. 
Router 19 routes data packets among upstream demodulator 
15, downstream modulator 16, computer 20, and external 
network 7. Router 19 includes a memory 21 which stores 
routing code 22 and a processor 24 which executes the 
routing code (see view 25). 

Computer 20 includes a processor 26 and a memory 27 
(see view 23). Memory 27 stores a database 29 which, if 
necessary, can span several computers. Database 29 includes 
configuration information for modem 4 and other modems 
on broadband network 5. This configuration information can 
be compiled manually or through an "on-line sign-up sheet"
such as an HTML ("HyperText Mark-up Language") form 
that is filled-out by a user during a first connection of a 
modem to broadband network 5. In database 29, configu- 
ration parameters are indexed to identification information 
for a corresponding modem. This identification information 
may be the IP ("Internet Protocol") address or the MAC 
("Media Access Control") address of the modem, or any 
other type of identification information such as information 
contained in a digital certificate. 

The configuration information in database 29 describes 
the services that a modem is entitled to, and is sufficient to 
allow the modem to connect to, and operate on, the network. 
It includes one or more of the following for each modem on 
the broadband network 5: network access configuration 
setting, DOCSIS 1.0 class of service configuration setting, 
upstream service flow configuration setting, downstream 
service flow configuration setting, downstream frequency 
configuration setting, upstream channel ID ("IDentifier") 
configuration setting, baseline privacy configuration setting, 
software upgrade file name configuration setting, upstream 
packet classification setting, SNMP ("Simple Network Man- 
agement Protocol") write-access control, SNMP MIB 
("Management Information Base") object, software server
IP address, CPE ("Customer Premise Equipment") Ethernet
MAC address, maximum number of CPEs, maximum number
of classifiers, privacy enable configuration setting,
payload header suppression, TFTP ("Trivial File Transfer
Protocol") server timestamp, TFTP server provisioned
modem address, pad configuration settings, telephone
settings options, and vendor-specific configuration settings.
DOCSIS 1.0 class of service configuration setting, upstream
service flow configuration setting, and downstream service
flow configuration setting specify amounts of bandwidth
allocated to modem 4 on broadband network 5.

Memory 27 also stores code 30, which is comprised of
instructions for execution by processor 26. Code 30 includes
smart TFTP server 31, authentication server 32, SNMP
manager 34, SQL ("Simple Querying Language") server 35,
and DHCP ("Dynamic Host Configuration Protocol") server
36. SNMP manager 34 is provided for IP-based modem
network management. SQL server 35 manages access to
database 29. Authentication server 32 verifies that requests
for a configuration file from modem 4 actually did originate
from modem 4. DHCP server 36 provides an address and the
modem's configuration file name to smart TFTP server 31.

Smart TFTP server 31 generates a configuration file for
modem 4 from configuration information in database 29 and
protects its content by generating a message integrity
checksum which is embedded in the file. Smart TFTP server 31
then provides that configuration file to modem 4.

FIG. 3 shows a process for providing a configuration file
to modem 4 using code 30. To begin, modem 4 issues a
standard TFTP request for a configuration file to CMTS 6.
This may be done when modem 4 is first connected to
broadband network 5 or at a subsequent re-initialization.
CMTS 6 receives the request in 301 and routes the request
through upstream demodulator 15 and router 19 to computer
20, where the request is processed.

The request includes minimum identification information
for modem 4, such as modem 4's source IP address and
maybe its MAC address (for example, if smart TFTP server
31 is implemented on router 19 and the source MAC address
is available). A standard TFTP request does not contain
authentication information. Therefore, an additional
mechanism is used for authentication.

More specifically, smart TFTP server 31 issues an SNMP
query to modem 4 requesting authentication information.
The SNMP query is addressed using modem 4's address in
its original TFTP request. The SNMP query can be issued
directly, or through SNMP manager 34. Modem 4 replies to
the SNMP query with a certificate containing authentication
information, which can be verified by authentication server
32, and then used to reference information in database 29 by
issuing an SQL query to SQL server 35. The certificate may
be an ITU (International Telecommunication Union) X.509
standard certificate.

Alternatively, a request for authentication information
may be made through DOCSIS Baseline Privacy Plus
("BPI+") MAC messaging. To do this, smart TFTP server 31
accesses a MAC messaging mechanism in CMTS 6. This
can be done by encapsulating MAC messages in IP protocol
frames.

Regardless of the communication method, once modem 4
supplies the certificate, it may be checked internally in smart
TFTP server 31 or presented to authentication server 32 for
verification. The certificate is encrypted, and contains a
body, which may be plain text or the like, and a digital
signature. The digital signature is generated by hashing the
contents of the body using a standard hashing algorithm,
such as MD5 (Message Digest 5).

Authentication server 32 determines if the request is
authentic 302, meaning that it actually originated from
modem 4, based on the authentication information in the
certificate. FIG. 4 shows an authentication process.

To begin, authentication server 32 decrypts 401 the
certificate using a public key that corresponds to the private key
used for encryption. It then independently generates 402 a
hash value from the body of the certificate. This generated
hash value is compared 403 to the decrypted digital
signature (hash value). If there is a match in 404, the request is
deemed authentic in 405. Otherwise, the request is deemed
not to be authentic in 406.

As an alternative to the FIG. 4 process, authentication
server 32 may simply instruct SQL server 35 to locate, in
database 29, an identifier of modem 4, such as its IP address,
serial number, or MAC address. If the identifier is located,
the request is deemed authentic, otherwise it is not. If
database 29 indexes configuration information by MAC
address, authentication of this type requires a mapping
between the modem's MAC and IP addresses.

Returning to FIG. 3, if authentication server 32
determines that the request is not authentic, smart TFTP server 31
denies 303 the request. Denial may mean simply ignoring
the request or instructing SNMP server 35 to issue a message
indicating that the request has been denied. If the request is
authentic, smart TFTP server 31 retrieves 304 configuration
information for modem 4 from database 29.

Once the configuration information has been retrieved,
smart TFTP server 31 generates 305 a configuration file for
modem 4. A structure of a configuration file 37 is shown in
FIG. 5.

Configuration file 37 includes parameters 39 that
correspond to one or more of the foregoing modem configuration
settings. It includes a type (i.e., an identity), a length, and a
value for each parameter. Configuration file 37 also includes
types, lengths, and values for CM MIC ("Message Integrity
Checksum") 40 and CMTS MIC 41. These checksum values
are calculated based on the configuration settings in file 37.
CM MIC 40 is used by modem 4 to ensure that the
parameters in configuration file 37 were not altered during
transmission from CMTS 6. CMTS MIC 41 is used to
authenticate modem 4 to CMTS 6 during its registration.
Finally, configuration file 37 includes an end of data marker
42.

Returning to FIG. 3, after the configuration file is
generated, smart TFTP server 31 provides 306 the
configuration file to modem 4 using standard TFTP protocol. Upon
receipt, modem 4 configures 307 itself in accordance with
the configuration file settings. Alternatively, modem 4 may
provide the configuration file to processor 12 which then
configures the modem based on the configuration file
settings.

Other embodiments of the invention are within the scope
of the following claims. For example, the processes of FIGS.
3 and 4 may be implemented by code running on processor
24 in router 19. Also, although the invention is described in
the context of a DOCSIS-compliant cable modem and
CMTS, it can be used with any type of communication
device that receives a configuration file from a central
location and that require reliable authentication. Depending
upon the device, different (in terms of both content and
structure) configuration parameters than those above may be
used.
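A minimal generator and verifier for the FIG. 5 layout, as an added example that is not code from the patent: each setting is a type-length-value record, followed by the CM MIC, the CMTS MIC and the end-of-data marker. Type codes 6, 7 and 255, the MD5 digest for the CM MIC and the keyed HMAC-MD5 for the CMTS MIC follow the DOCSIS specification the page cites rather than the page text; the shared secret, the sample settings and the function names are constructed, and the CMTS MIC is simplified to cover every setting.

```python
import hashlib
import hmac

# DOCSIS TLV type codes for the two checksums and the end-of-data marker.
T_CM_MIC, T_CMTS_MIC, T_END = 6, 7, 255


def tlv(t, value):
    """Encode one setting as type (1 byte), length (1 byte), value."""
    if len(value) > 255:
        raise ValueError("value does not fit a one-byte length")
    return bytes([t, len(value)]) + value


def cmts_digest(body, cm_mic, secret):
    # Assumption: keyed over every setting plus the CM MIC; DOCSIS itself
    # keys an ordered subset of the settings.
    return hmac.new(secret, body + tlv(T_CM_MIC, cm_mic), hashlib.md5).digest()


def build_config(params, secret):
    """Server side: settings, then CM MIC, CMTS MIC and the end marker."""
    body = b"".join(tlv(t, v) for t, v in params)
    cm_mic = hashlib.md5(body).digest()
    return (body + tlv(T_CM_MIC, cm_mic)
            + tlv(T_CMTS_MIC, cmts_digest(body, cm_mic, secret))
            + bytes([T_END]))


def parse_config(blob):
    """Split a file into (params, cm_mic, cmts_mic); reject malformed input."""
    params, mics, i = [], {}, 0
    while i < len(blob):
        t = blob[i]
        if t == T_END:
            return params, mics.get(T_CM_MIC), mics.get(T_CMTS_MIC)
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past the end of the file")
        if t in (T_CM_MIC, T_CMTS_MIC):
            mics[t] = value
        else:
            params.append((t, value))
        i += 2 + length
    raise ValueError("no end-of-data marker")


def verify_config(blob, secret):
    """Return (cm_mic_ok, cmts_mic_ok) for a received file."""
    params, cm_mic, cmts_mic = parse_config(blob)
    if cm_mic is None or cmts_mic is None:
        return (False, False)
    body = b"".join(tlv(t, v) for t, v in params)
    cm_ok = hmac.compare_digest(hashlib.md5(body).digest(), cm_mic)
    cmts_ok = hmac.compare_digest(cmts_digest(body, cm_mic, secret), cmts_mic)
    return (cm_ok, cmts_ok)


# Constructed sample settings: network access (type 3), downstream
# frequency in Hz (type 1) and upstream channel ID (type 2).
SAMPLE_PARAMS = [(3, b"\x01"), (1, (555_000_000).to_bytes(4, "big")), (2, b"\x04")]
SECRET = b"constructed-shared-secret"

if __name__ == "__main__":
    good = build_config(SAMPLE_PARAMS, SECRET)
    altered = bytearray(good)
    altered[2] ^= 0x01  # one bit of the first setting changed in transit
    print("as generated:", verify_config(good, SECRET))
    print("altered:     ", verify_config(bytes(altered), SECRET))
```

The CM MIC is an unkeyed digest, so it only shows that the settings arrived as generated; the CMTS MIC depends on a secret held by the operator, which is what lets the CMTS tie a registration to a file it issued.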
What is claimed is:

1. A method of providing a configuration file to commu- 
nication device over a network, comprising: 

receiving identification information for the communica- 
tion device in response to the communication device 
connecting to the network or re-initializing;

retrieving configuration information from a database 
based on the identification information; 

generating a configuration file from the configuration 
information; and 

providing the configuration file to the communication 
device. 

2. The method according to claim 1, further comprising 
receiving a request for a configuration file along with the 
identification information; 

wherein the retrieving, generating and providing are per- 
formed in response to the request. 

3. The method according to claim 1, wherein the identi- 
fication information comprises a network address. 

4. The method according to claim 3, further comprising: 
receiving a request along with the identification informa- 
tion; and 

determining if the request is authentic; 

wherein the providing provides the configuration file to 

the communication device if the request is determined 

to be authentic. 

5. The method according to claim 1, wherein the receiving 
further comprises: 

receiving a request from the communication device; 

querying the communication device for authentication 
information in response to the request, the authentica- 
tion information being used for verification of the 
request; and 

receiving the authentication information in response to the 
querying. 

6. The method according to claim 5, further comprising 
determining if the request is authentic based on the authen- 
tication information; 

wherein the providing provides the configuration file to 
the communication device if the request is determined 
to be authentic. 

7. The method according to claim 6, wherein the authen- 
tication information comprises a body and a digital signature 
that is encrypted using a private key; and 

wherein the determining comprises: 

decrypting the digital signature using a public key 

corresponding to the private key; 
generating a hash value of the body; and 
comparing the hash value to the decrypted digital 

signature. 

8. The method according to claim 1, wherein the com- 
munication device comprises a cable modem. 

9. A method of providing a configuration file to a cable 
modem over a network, comprising: 

receiving identification information for the cable modem 
and a request for a configuration file that originated 
from the cable modem in response to the communica- 
tion device connecting to the network or re-initializing; 
and 

determining whether the request is authentic using the 

identification information; 
wherein, if the request is determined to be authentic, the 

method further comprises: 

retrieving configuration information from a database in 
response to the request; 






generating a configuration file from the configuration 

information; and 
providing the configuration file to the cable modem. 

10. A method of providing a configuration file to a 
communication device over a network, comprising:

receiving a request for a configuration file from the
communication device in response to the communication
device connecting to the network or re-initializing;

determining if the request is authentic; and 
providing the configuration file to the communication
device if the request is determined to be authentic. 

11. The method according to claim 10, further comprising 
receiving a certificate from the communication device; 

wherein the determining determines if the request is 
authentic based on the certificate.

12. The method according to claim 11, wherein the 
certificate includes a body and a digital signature that is 
encrypted using a private key; and 

wherein the determining comprises: 

decrypting the digital signature using a public key 

corresponding to the private key; 
generating a hash value of the body; and 
comparing the hash value to the digital signature. 

13. The method according to claim 10, wherein the 
communication device comprises a cable modem. 

14. An apparatus which provides a configuration file to a 
communication device over a network, comprising: 

a memory which stores executable code and a database 

that includes configuration information; and 
a processor which executes the code (i) to receive iden- 
tification information for the communication device in 
response to the communication device connecting to 
the network or re-initializing, (ii) to retrieve configuration
information from the database based on the
identification information, (iii) to generate a configu- 
ration file from the configuration information, and (iv) 
to provide the configuration file to the communication 
device. 

15. The apparatus according to claim 14, wherein the 
processor (i) receives a request from the communication 
device, (ii) determines if the request is authentic, and (iii) 
provides the configuration file to the communication device 
if the request is determined to be authentic. 

16. The apparatus according to claim 15, wherein: 
the processor receives a certificate from the communica- 
tion device; and 

determines if the request is authentic based on the cer- 
tificate. 

17. The apparatus according to claim 16, wherein the 
certificate comprises an ITU X.509 certificate. 

18. The apparatus according to claim 16, wherein: 

the certificate comprises a body and digital signature that 

is encrypted using a private key; and 
the determining performed by the processor comprises (i) 
decrypting the digital signature using a public key

corresponding to the private key, (ii) generating a hash 

value of the body, and (iii) comparing the hash value to 

the decrypted digital signature. 

19. The apparatus according to claim 14, wherein the 
configuration information comprises a parameter specifying

an amount of bandwidth available to the communication 
device. 

20. The apparatus according to claim 14, which resides in 
a cable modem termination system (CMTS) that provides an 

interface between a broadband network and an external
network, wherein the communication device comprises a 
cable modem. 
21. An apparatus which provides a configuration file to a
communication device over a network, comprising: 

a memory which stores executable code and a database 
that includes configuration information; and 

a processor which executes the code so as (i) to receive a 
request for a configuration file from the communication 
device in response to the communication device connecting
to the network or re-initializing, (ii) to determine
if the request is authentic, and (iii) to provide the
configuration file to the communication device if the 
request is determined to be authentic. 

22. The apparatus according to claim 21, wherein the 
processor receives a certificate from the communication 
device and determines if the request is authentic based on the 
certificate. 

23. The apparatus according to claim 22, wherein the 
certificate comprises an ITU X.509 certificate. 

24. The apparatus according to claim 22, wherein 

the certificate comprises a body and a digital signature 
that is encrypted using a private key; and 

the processor determines if the request is authentic by (i) 
decrypting the digital signature using a public key 
corresponding to the private key, (ii) generating a hash 
value of the body, and (iii) comparing the hash value to 
the digital signature. 

25. An article comprising a computer-readable medium 
encoded with a computer program that comprises instruc- 
tions to: 

receive identification information for a communication 

device over a network; 
retrieve configuration information from a database based 

on the identification information in response to the 

communication device connecting to the network or 

re-initializing;

generate a configuration file from the configuration infor- 
mation; and 

provide the configuration file to the communication 
device. 
26. The article according to claim 25, further comprising
instructions to: 

receive a request from the communication device; and 

determine if the request is authentic; 

wherein the providing provides the configuration file to 

the communication device if the request is determined 

to be authentic. 

27. The article according to claim 26, further comprising 
instructions to receive a certificate from the communication 
device; 

wherein the determining determines if the request is 
authentic based on the certificate. 

28. The article according to claim 27, wherein the cer- 
tificate comprises an ITU X.509 certificate. 

29. An article comprising a computer-readable medium 
encoded with a computer program that comprises instruc- 
tions to: 

receive a request for a configuration file from a commu- 
nication device in response to the communication 
device connecting to the network or re-initializing;

determine if the request is authentic; and 

provide the configuration file to the communication 
device if the request is determined to be authentic. 

30. A network system comprising: 

a cable modem which outputs identification information 
and a request for a configuration file; and 

a cable modem termination system (CMTS) which (i) 
receives the identification information and the request 
in response to the communication device connecting to 
the network or re-initializing, and (ii) determines if the 
request is authentic; 

wherein, if the request is determined to be authentic, the 
CMTS (iii) retrieves configuration information from a 
database based on the identification information, (iv) 
generates a configuration file from the configuration 
information, and (v) provides the configuration file to 
the cable modem. 